<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\DB;
use App\Http\Controllers\Traits\Base;


class OperateVuls
{

    use Base;
    /**漏洞操作中间件
     * @param $request
     * @param Closure $next
     * @param null $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        /*----------角色权限判定--------------*/
        $user_id = Auth::id();//用户id
        $role= $this->getRole($user_id);
        /*-----------过滤超级管理员--------------*/
        if(in_array(1, $role))
        {
            return $next($request);
        }
        $access=$this->getAccess($role);
        $action = Route::currentRouteAction();
        $mid=explode("@", $action);
        $action=$mid[1];
        if($action=="shutDownForm")
        {
            /*-------------从前一个状态判断是否有当前状态的关闭权限------------------*/
            $vuls = $this->getVuls($request->id);
            $vuls = $vuls->toArray();
            if ($vuls[0]->status == 5){
                $nodeId=$this->getNodeId("solvedForm");
            }elseif ($vuls[0]->status == 8)
            {
                $nodeId=$this->getNodeId("ignoreForm");
            }elseif($vuls[0]->status == 11)
            {
                $nodeId=$this->getNodeId("noEffect");
            }else{
                return back()->with("flow_error","无此权限");
            }
        }else{
            $nodeId=$this->getNodeId($action);
        }
        if(empty($access)) return back()->with("flow_error","无此权限");
        if(!$nodeId) return back()->with("flow_error","无此权限");
        if(in_array($nodeId[0], $access))
        {
            return $next($request);
        }else{
            return back()->with("flow_error","无此权限");
        }
//        /*--------------组织机构权限判定--------------*/
//        $ogz=$this->userLinks();
//        $apps=$ogz['apps'];
//        if($apps==-1){
//            return back()->with("flow_error","无此权限");
//            exit();
//        }
//        $app_id=DB::table("vuls")->where('id',$request->id)->pluck("role_id")->toArray();
//        $app_id=$app_id[0]->app_id;
//        if(in_array($app_id, $apps))
//        {
//            return $next($request);
//        }else{
//            return back()->with("flow_error","无此权限");
//        }

    }

    /**获取指定id用户角色组
     * @param $id
     * @return bool
     */
    public function getRole($id)
    {
        if(empty($id)) return false;
        return DB::table("assigned_roles")->where("user_id",$id)->pluck("role_id")->toArray();
    }

    /**获取指定用户的权限组
     * @param $role
     * @return bool
     */
    public  function  getAccess($role)
    {
      if(empty($role)) return false;
        return  DB::table("permission_role") ->whereIn('role_id', $role)->pluck("permission_id")->toArray();
    }

    /**
     * 获取漏洞状态流转中的操作节点id
     * @param $node
     * @return bool
     */
    public  function  getNodeId($node)
    {
        if(empty($node)) return false;
         $name="vuls-".$node;
        return  DB::table("permissions") ->where('code', $name)->pluck("id")->toArray();
    }
    public function getVuls($id)
    {
        if (!(int)$id) {
            return false;
            exit();
        }
        return $vuls = DB::table('vuls')
            ->where('id', '=', $id)
            ->get();
    }
}

